Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (1): 138-141.

• 网络、通信与安全 • Previous Articles     Next Articles

Clustering-based unsupervised anomaly detection method

YANG Bin,LIU Wei-guo   

  1. College of Information Science & Engineering,Central South University,Changsha 410083,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-01-01 Published:2008-01-01
  • Contact: YANG Bin

一种基于聚类的无监督异常检测方法

杨 斌,刘卫国   

  1. 中南大学 信息科学与工程学院,长沙 410083
  • 通讯作者: 杨 斌

Abstract: Unsupervised anomaly detection can’t detect a massive attack in bursts.In order to solve this problem,this paper proposes a unsupervised anomaly detection model based on clustering.It chooses clustering result from multi-clusters which has the minimum DB index,applies minimum intra-cluster distance and maximum intra-cluster distance to classify every cluster,then identifies attacks.Experimental results show that the proposed strategy can improve obviously detection rate and decrease false positive rate.

Key words: unsupervised anomaly detection, K-means algorithm, Davies-Bouldin index, intra-cluster distance

摘要: 为了解决无监督异常检测方法无法检测突发性的大规模攻击的问题,提出了一种基于聚类的无监督异常检测模型,该模型从多个聚类器中选取DB指数最小的分簇结果,并利用最小簇内距离、最大簇内距离对每个簇进行分类,从而识别出攻击。实验表明该模型明显提高了检测率、降低了误报率。

关键词: 无监督异常检测, K均值算法, DB指数, 簇内距离